fix: updated variable validation for bucket_configs in fscloud subm…

…odule (#507)
terraform-ibm-modules · Jan 24, 2024 · 122c2cf · 122c2cf
1 parent f5db77c
commit 122c2cf
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/modules/fscloud/main.tf b/modules/fscloud/main.tf
@@ -6,7 +6,6 @@ locals {
       validate_sysdig_set         = can(bucket.metrics_monitoring.metrics_monitoring_crn) ? bucket.metrics_monitoring.metrics_monitoring_crn == null ? tobool("When metrics_monitoring is set, metrics_monitoring_crn must be provided.") : null : null,
       validate_hpcs_instance_guid = bucket.skip_iam_authorization_policy == false && bucket.kms_guid == null ? tobool("'kms_guid' must be provided if 'skip_iam_authorization_policy' is set to false") : null,
       validate_hpcs_key_crn       = bucket.kms_key_crn == null ? tobool("When kms_encryption_enabled is set, kms_key_crn must be provided.") : null,
-      validate_kms_encryption     = !bucket.kms_encryption_enabled ? tobool("kms_encryption_enabled must be set to true for all buckets.") : null,
     }
   ]
 }

diff --git a/modules/fscloud/variables.tf b/modules/fscloud/variables.tf
@@ -137,6 +137,11 @@ variable "bucket_configs" {
   }))
   description = "Cloud Object Storage bucket configurations"
   default     = []
+
+  validation {
+    condition     = length([for bucket_config in var.bucket_configs : true if contains([true], bucket_config.kms_encryption_enabled)]) == length(var.bucket_configs)
+    error_message = "The FSCloud submodule mandates that kms_encryption_enabled is set to true for all buckets in bucket_configs input variable value."
+  }
 }